MAD is only an after-the-fact detection system. It is not at all related to
CyberAttackDefenseSystem, which is still awaiting deployment.
"Carl E. Mankinen" wrote:
> I don't think it's "just a log parser". From what I understand, it processes new log
> entries in realtime.
> It requires the ELA proxy as a result, and I remember something about CADS...but I
> don't think it was very useful in practice.
>
> Another reason to keep the ELA proxy turned on (assuming you want MAD sending you
> pages etc)
>
> ----- Original Message -----
> From: "Drew Simonis" <[EMAIL PROTECTED]>
> To: "Carl E. Mankinen" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, October 31, 2000 3:38 PM
> Subject: Re: [FW1] MAD?
>
> >
> > "Carl E. Mankinen" wrote:
> > >
> > > From what I was told, it builds table entries of its own for all the connections
> > > thru the firewall and works somewhat independently of the inspect engine.
> > > It also hooks into the logging daemon and detects log entries.
> > >
> >
> > IIRC CPMAD is a simple log parser. It does no more than go through
> > logged events and apply the criteria to them, looking for things
> > that meet its settings. Nothing exciting to it. As far as its
> > picky config file and the odd memory issues, I was told the same
> > thing.
> >
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> >
>